Evidence: System Logs
Description: Collect System Logs
Category: System
Platform: linux
Short Name: sysl
Is Parsed: No
Sent to Investigation Hub: No
Collect File(s): Yes
Background
On Debian-based systems (Debian, Ubuntu) /var/log/syslog is the catch-all log written by the syslog daemon (rsyslog by default): the stock rule sends every facility except auth and authpriv there, so it holds application messages, daemon activity, kernel messages and systemd unit events. Authentication events go to /var/log/auth.log instead, and Red Hat-derived distributions use /var/log/messages rather than /var/log/syslog. Hosts that log only to systemd-journald (no rsyslog installed) have no /var/log/syslog at all; on those the equivalent data lives in the binary journal.
Data Collected
This collector acquires the raw syslog files as they exist on disk. It does not parse them (Is Parsed: No), so timestamps, hostnames, process names/PIDs and message bodies stay in their original text form for offline analysis.
Collection Method
This collector gathers every file matching /var/log/syslog*: the live /var/log/syslog plus the copies logrotate leaves behind (syslog.1, syslog.2.gz, ...), so the collected set reaches as far back as the host's rotation policy retains. Compressed rotated copies match the glob as well and are collected as-is. Each line carries a timestamp, the hostname, the originating program (usually with its PID) and the message.
Forensic Value
Syslog is critical for investigating system events, application activities, service failures, and security incidents. Because nearly every facility lands in one file, it gives a single chronological record of system operations that anchors incident-response timelines: service starts and crashes, cron jobs, package installs, kernel messages, and the traces many daemons leave when they are abused. Two caveats matter during analysis. First, the traditional rsyslog timestamp ("Mar  4 09:12:01") carries neither the year nor the time zone, so rotated files must be dated from their modification time and correlated with the host's time zone. Second, the files are writable by root, so an attacker with root can truncate or edit them; compare against the journal, remote syslog, or other hosts' logs before treating an absence of entries as evidence.
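The following is an added example, not code from the collector or its vendor, showing the two steps the Collection Method and Forensic Value sections describe: enumerating /var/log/syslog* (live, rotated, gzip-rotated) with an integrity hash per file, then merging the raw lines into one ordered timeline. It handles the traditional year-less timestamp by taking the year from the file's mtime and stepping back a year when the entry would otherwise post-date the file, and it also accepts rsyslog's ISO 8601 format. The log lines, hostnames and PIDs in build_fixture() are constructed for the demo; the collector itself writes no such fixture. The mixed-format fixture stands in for a host whose rsyslog timestamp format was changed mid-rotation; ordering across the two formats is exact only when the host's local time is UTC, since traditional timestamps carry no zone.

```python
"""Collect /var/log/syslog* with hashes and merge the lines into a timeline.

Added illustration; not the collector's own code. Paths and sample lines are assumptions.
"""
import glob
import gzip
import hashlib
import os
import re
import tempfile
from datetime import datetime, timezone

# rsyslog's two common line formats. The traditional one has no year and no time zone.
TRADITIONAL = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) (?P<host>\S+) (?P<msg>.*)$")
ISO8601 = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d(?:\.\d+)?[+-]\d\d:\d\d) (?P<host>\S+) (?P<msg>.*)$")


def rotation_index(path):
    """syslog -> 0, syslog.1 -> 1, syslog.2.gz -> 2; a higher index is an older file."""
    m = re.search(r"\.(\d+)(?:\.gz)?$", os.path.basename(path))
    return int(m.group(1)) if m else 0


def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def collect(log_dir="/var/log"):
    """Manifest of every syslog* file, newest first, with size, mtime and SHA-256."""
    paths = sorted(glob.glob(os.path.join(log_dir, "syslog*")), key=rotation_index)
    manifest = []
    for p in paths:
        st = os.stat(p)
        manifest.append({"path": p, "size": st.st_size, "mtime": st.st_mtime,
                         "sha256": sha256_file(p)})
    return manifest


def parse_line(line, hint):
    """Return (naive datetime, host, msg) or None. `hint` is the file's mtime (local time)."""
    m = TRADITIONAL.match(line)
    if m:
        fmt = "%Y %b %d %H:%M:%S"
        try:
            ts = datetime.strptime(f"{hint.year} {m['ts']}", fmt)
        except ValueError:  # "Feb 29" when the hint year is not a leap year
            ts = datetime.strptime(f"{hint.year - 1} {m['ts']}", fmt)
        if ts > hint:  # a "Dec 31" entry in a file last written on Jan 1 belongs to the prior year
            ts = ts.replace(year=ts.year - 1)
        return ts, m["host"], m["msg"]
    m = ISO8601.match(line)
    if m:  # zone-aware; normalise to naive UTC so it sorts with the traditional entries
        ts = datetime.fromisoformat(m["ts"]).astimezone(timezone.utc).replace(tzinfo=None)
        return ts, m["host"], m["msg"]
    return None


def timeline(manifest):
    """Merge all files (oldest rotation first) into one timestamp-ordered event list."""
    events, unparsed = [], 0
    for entry in reversed(manifest):
        hint = datetime.fromtimestamp(entry["mtime"])
        opener = gzip.open if entry["path"].endswith(".gz") else open
        with opener(entry["path"], "rt", errors="replace") as f:
            for n, line in enumerate(f, 1):
                parsed = parse_line(line.rstrip("\n"), hint)
                if parsed is None:
                    unparsed += 1  # continuation lines, truncated writes, non-syslog junk
                    continue
                ts, host, msg = parsed
                events.append({"ts": ts, "host": host, "msg": msg, "src": f"{entry['path']}:{n}"})
    events.sort(key=lambda e: e["ts"])  # stable: ties keep file order
    return events, unparsed


def build_fixture(log_dir):
    """Write a constructed rotation set spanning a year boundary (sample data, not real logs)."""
    jan1 = datetime(2024, 1, 1, 0, 0, 5).timestamp()
    samples = {
        "syslog.2.gz": ("Dec 31 23:59:58 host1 sshd[811]: Accepted publickey for root from 10.0.0.5 port 4021 ssh2\n", jan1),
        "syslog.1": ("Jan  1 00:00:03 host1 cron[902]: (root) CMD (/tmp/.x)\nno timestamp on this line\n", jan1 + 600),
        "syslog": ("2024-01-01T00:00:09.000000+00:00 host1 systemd[1]: Started evil.service.\n", jan1 + 1200),
    }
    for name, (text, mtime) in samples.items():
        path = os.path.join(log_dir, name)
        with (gzip.open if name.endswith(".gz") else open)(path, "wt") as f:
            f.write(text)
        os.utime(path, (mtime, mtime))


def demo():
    """Build the fixture in a temp dir, collect it, and return (manifest, events, unparsed)."""
    log_dir = tempfile.mkdtemp(prefix="syslog-demo-")
    build_fixture(log_dir)
    manifest = collect(log_dir)
    events, unparsed = timeline(manifest)
    return manifest, events, unparsed


if __name__ == "__main__":
    manifest, events, unparsed = demo()
    for e in manifest:
        print(f"{e['sha256'][:16]}...  {e['size']:>6}  {e['path']}")
    for ev in events:
        print(ev["ts"].isoformat(), ev["host"], ev["msg"], "<-", ev["src"])
    print(f"{unparsed} line(s) without a syslog timestamp skipped")
```

Run it against a real host with collect("/var/log") on a copy of the acquired files; the manifest hashes are what you record at acquisition time so later edits to the working copy are detectable, and the src field keeps every timeline event traceable to its file and line.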